Your example doesn't support TLS upgrading, forcing TLS and plaintext connections to be handled on separate ports. You also ignore authentication and authorization, which are much more important than merely opening an encrypted socket to some arbitrary server.

IRC is a nice protocol for things that don't matter, but it's utterly unsuitable for applications that require security or features beyond "send text and hope some client receives it, eventually".

Among other reasons, because the stream is invalid XML until ended, ruling out the use of 99% of XML libraries and leaving you writing your own crazy custom streaming parser.

The XML is without a doubt the worst thing about XMPP, IMO. The whole point of XML is that it is standardised, and yet until the last second of the stream the whole thing is invalid, ruling out all those standardised tools, removing the point, leaving a vacuum (which you then have to fill with tons of ridiculous reinvention of the wheel).

And don't even get me started on the ridiculous overuse of xml namespaces and the incredible fragmentation of the standard, which is in like 50 different parts. The entire format is an over-generalised, over-engineered, commitee-designed gordian knot of needless complexity, verbosity and just plain ugliness.

Why do you think there are so few XMPP implementations beyond a few mega-projects? Why should it be a mega-project at all? The XML foundation is a huge barrier to implementation and is the perfect example of counter-productive adoption of buzzword-of-the-day ideologies, handicapping a whole ecosystem for years afterwards.

As someone who has written the odd XMPP client I can only say: Amen, Hallejujah.

The idea and birdview architecture of Jabber is great. The execution is so horrible that most people who had the misfortune to work with it only want it to die ASAP.

Most of the problems stem from unfortunate timing. Jabber was invented in the late 90's when XML and Java engineering practices were hyped as the Next Big Thing™. Had it been invented only a few years earlier or later then we might not have anything to complain about today.

Well, my hopes are on google to end the insanity. They have plenty of skilled engineers working on wave. Once those engineers grow tired of the mess they might just go and replace it with something sane.

I agree @TLS, authorization etc, but often those just aren't a priority.

email is often used without any security but it's far from something that "doesn't matter". IM protocols have barely any security, yet we all use them.

E-mail has optional security for things that do matter, namely GPG/PGP for client <-> client and the STARTTLS extension to SMTP for server <-> server. Wave, as a replacement for E-mail, provides pervasive security.

"IM protocols have barely any security" -- given that this discussion is regarding an IM protocol with a built-in high-quality security infrastructure, I don't see how this statement is at all valid.

I was talking about the main IM protocols in use today - yahoo/msn/aim.

You'd be surprised @ plain text. It quickly adds up. I do around 3.5TB of plain text IRC/http a month, and if I could reduce that, I would. If we were all using jabber instead of IRC my bandwidth would be more like 10TB. Quite a difference.

>> "E-mail has optional security for things that do matter, namely GPG/PGP for client <-> client and the STARTTLS extension to SMTP for server <-> server. Wave, as a replacement for E-mail, provides pervasive security."

That comes back to my original comment - I'm not sure it solves any real world problem users have. Users don't care about security like that.

I'm not sure that's accurate. Maybe users don't care about security, but I would venture that's because they don't know any better. I don't think most people understand that their emails and IMs are crossing the web in plaintext, or just how easy it would be for someone unintended to get access to those messages. I don't think it's an informed lack of concern.